Ready to get started? We are, too.
alt

Sales

Monday - Friday

9:00 AM - 5:30 PM

1800 995 085

Request a sales callback

*Required fields

alt

Thank you for your submission!

Thank you for getting in touch. We will be in contact with you within 48 hours. To go back to our website, please click here.

Close

alt

Sales

Monday - Friday

9:00 AM - 5:30 PM

1800 995 085

alt

Sales

Monday - Friday

9:00 AM - 5:30 PM

1800 995 085

The site you requested may not be relevant in your area.

country flag

Guiding you through PSD2

The European Union introduced the Payment Services Directive 2 (PSD2) to make payments safer, increase consumer protection, foster innovation and competition. PSD2 is enshrined in law in most EU member state countries.

Read our Practical Impact Guide for eComm

Get your business ready for PSD2  Request a call back

The Expected Deadline

Count Down Timer

Latest thought leadership

Are you ready for PSD2

Are you ready for PSD2? 

Here’s a video to help you to understand that is happening and the impact on your business

Listen to our expert on SCA

Federico Gaffney, Senior Manager Payment Strategy Risk for Elavon Europe, talks us through the implementation of Strong Customer Authentication for eCommerce merchants

Elavon PSD2 Updates

  • Card Brand Compliance associated with Strong Customer Authentication

    To support the roll-out of EMV 3D Secure technology, there will be programmes throughout 2020 to help with the compliance of card brands - such as Visa and Mastercard.  These are to make sure that all eCommerce payments processed in the European Economic Area meet the required Strong Customer Authentication (SCA) by 31 December 2020, as part of the Payment Services Directive 2 (PSD2). SCA aims to drive down fraud and improve confidence in card payments, allowing that growing sector to continue to flourish.

    It is vital you actively manage your PSD2 compliance and monitor timelines for implementation.  You must have plans in place to operate to the highest version available of EMV 3D Secure. Card brand schemes, acquirers and gateways may well impose earlier deadlines to progress changes in good time to meet the official deadline.

    Act now to gain certification and avoid penalties. For example transactions at devices with no Chip and PIN capability [Magnetic swipe] and those that are completed by manually entering the card details when the cardholder is present [Pan Key Entry] will incur fees for the use of these less secure payment methods in card present environments - whether excluded from the scope of PSD2 or not, i.e. Transit.  There is cost associated with the introduction of PSD2, but the greatest cost will be loss of sales, as failure to comply will result in declined transactions. 

    Don’t forget the additional benefits to EMV 3D Secure: such as improved security, wider interoperability and flexibility to enable innovation, fewer barriers to market and greater choice to the consumer. 

    We will provide further updates on the impact to your business in our monthly Card Scheme Changes bulletin, and within our series of PSD2 updates. To discuss how you can mitigate those fees and amend your strategy to take best advantage of the changes, talk to us today.

  • The European Banking Authority (EBA) has announced today that the period for the implementation of Strong Customer Authentication (SCA) under Payment Services Directive (PSD2) will be 15 months, from the 14 September 2019. Strong Customer Authentication (SCA) must be applied to all electronic payments within the European Economic Area (EEA) by 31 December 2020.

    The EBA have acknowledged the complexity and challenges in the payments environment in Europe. To help manage the difficulties the EBA have granted flexibility to the National Competent Authorities (NCAs). The additional time is needed to ensure that all the stakeholders in the ecosystem; banks, acquirers, gateway providers and merchants equip themselves with the relevant tools to fully implement PSD2. They must deliver on time and minimise impact to consumers.

    During the extension period, the EBA and the European Commission (EC) will be particularly vigilant in monitoring the implementation of the directive. All players including NCAs must participate fully and assume all their supervisory responsibilities. Each player must produce and execute their migration plans in an expedited manner.

    Elavon has advocated for a pan-European migration plan that is consistent, harmonised and effective across all member states. However, several NCAs have taken different approaches to date, so there is a risk of differences in implementation. If that happens, it could be difficult, expensive and time-consuming for merchants and payment providers to customise their solutions

    At Elavon we will be working with the relevant NCAs to complete our migration plan. We are intensifying our communications and knowledge sharing with customers and partners.

    We are pleased to report very little disruption with the introduction of PSD2 SCA. This announcement by the EBA means that NCAs will not take any enforcement actions against any impacted entities, provided the entities are executing on their migration plan and meeting each of their individual milestones.

    Our aim is to enable you to carry out SCA to meet the regulations with the acceptance of 3D Secure V2 via our upgraded platforms. To deliver a smooth transition, we actively engage with all our partners and gateway providers that connect to our acquiring platform.

    Meeting PSD2 SCA obligations is our top priority. Our team of experts are ready to help you optimise your customers’ experience while avoiding payment declines and lost sales.

    This is a one-time implementation window and will not be extended beyond 31 December 2020.

    Avail of this limited time to ensure that your eCommerce payments are ready to be authenticated using 3D Secure V2. If you have 3D Secure V1 in place, upgrade to 3D Secure V2. This is a simple upgrade and your payment gateway provider will assist you with the details.

    If you have not used 3D Secure before, it might involve more work for you or your developer. Do not delay, it is important that you speak with your gateway provider or web developer to understand what is involved.

    We will continue to share further details with you as we receive and digest them. In the meantime, if you have any questions relating to the above, please speak with your Relationship Manager or our customer services team.

PSD2 explained

  • The following are the main exemption categories which can be applied by Elavon and/or the issuer:

    1. Low Value Exemption

    Remote transactions up to €30 (or equivalent in other currencies) and contactless transactions up to €50 (or equivalent in other currencies) do not require SCA up to a maximum of five consecutive transactions or a cumulative limit of €100 (€150 for contactless). If the cardholder initiates more than five consecutive low value payments, or if the total payments value exceed €100 (€150 for contactless), SCA will be required. Please note that currently, only Visa and Mastercard have released their requirements to support exemptions. The monitoring of the consecutive transactions and cumulative limits will be the responsibility of the issuer.

    2. Recurring Payment Exemption

    Some transaction types are initiated without the cardholder being present or in-session. In these cases, SCA cannot be performed and there are exemptions designed to accommodate these flows. In the case of recurring transactions (same amount) or other customer initiated transactions (variable amount), the initial capture of card details for storing on file must be authenticated using SCA – this results in a unique identifier that is used in subsequent transactions within a series to indicate to issuers that SCA has already been performed. To ensure that these transactions are exempted from

    SCA step-up requests, customers and their service providers must ensure that the card scheme MIT

    frameworks are followed and that all transactions are appropriately flagged as recurring with reference to the original transaction via the trace/transaction ID value.

    3. Transaction Risk Analysis (TRA) Exemption

    Issuers and acquirers’ may use TRA on customer’s partners’ behalf to exempt transactions from the need to have SCA performed. This effectively means that Elavon would analyse the transaction to determine the likelihood of it being genuinely performed by the cardholder and exempt it from 3DS. TRA will be available via two channels. Elavon will offer its own TRA service where Elavon will analyse transactions to determine if the transaction can be exempted from cardholder authentication. In addition Elavon will support TRA conducted by approved third parties. Further details on both services will be made available in due course. The issuer however will always have the final say, so for example, where Elavon were to apply the TRA exemption on our customers/partners’ behalf, the issuer retains the right to require SCA (known as step-up). The rules around TRA exemptions are complex and Elavon can only control how the transaction is handled up until the point that it is sent to the issuer. There are three threshold levels of exceptions – €100, €250 and €500. Elavon will be providing more guidance on TRA in the coming months.

    4. Trusted Payee Exemption (or whitelisting)

    With later levels of 3DS, cardholders will have the option to whitelist’ a business they trust with their card issuer. This means that the cardholder can elect to make a business a‘trusted payee’ and therefore transactions at a ‘whitelisted’ business are to be exempt from future SCA. Whether a cardholder’s elected wishes are upheld is totally the decision of their issuer, as the card issuer may reject the initial request or subsequent exemption requests if it has cause to do so. Furthermore, it is not known at this stage whether issuers will be ready to support whitelisting by 14 September 2019. Elavon are staying very close to developments regarding the Trusted Payee Exemption and will keep our customers/partners’ informed of the latest situation regarding this exemption category as they develop. It should be noted that a business (or their acquirer) cannot elect to be whitelisted themselves, this can only be done between the cardholder and their issuer.

    5. Secure Corporate Payments

    Payments made through dedicated corporate processes and protocols (e.g. lodge cards, central travel accounts and virtual cards) which are initiated by business entities, not available to cardholders and which already offer high levels of protection from fraud may be exempted from SCA. Elavon is working closely with the card schemes to understand the determination of these transactions and will inform customers/partners once it becomes available.

  • We expect that card issuers may decide to ask for extra confirmation through the use of voice referrals or an immediate refusal of the transaction. The transaction types currently not supporting the SCA functionality that are most at risk are:

    • 3DS1 transactions (where the issuer is only supporting 3DS2)
    • Magstripe transactions
    • Keyed customer present transactions
    • Non-authorised transactions
    • Chip fall back
    • Deferred authorisations (non-Chip and PIN transactions)
    • Unauthenticated eCommerce transactions
  • References the articles of the Regulatory Technical Standards (RTS) published by the European Bank Authority.

    Merchant Initiated Transactions (MIT)

    Merchant Initiated Transactions are payments initiated by the customer without the interaction of

    the cardholder, for example:

    • A single transaction, such as a cancellation fee
    • Recurring payments for fixed or variable amounts such as a monthly membership subscription
    • A series of transactions for a variable amount or at variable intervals – such as irregular payment instalments for a holiday, or a regular but variable amount such as a utility bill

    These transactions must be governed by an agreement between the cardholder and customer that, once agreed, allows the customer to initiate subsequent payments without any direct involvement of the cardholder However, SCA should be applied to the first transaction/action mandating the customer to initiate payment.

    Mail Order/Telephone Order (MOTO)

    MOTO transactions are not in scope for SCA, as the customer is not in the flow. However, there is a growing trend of fraud and chargebacks on MOTO transactions, and Elavon strongly recommend trying to find ways of taking transactions via eCommerce – perhaps using a Pay by Link type functionality.

    MOTO should only be used where the cardholder details have been provided via mail or phone and is not intended to cover customer present interactions via eCommerce or keyed transactions.

    Anonymous Transactions

    Due to their very nature, payments made through the use of an anonymous payment instrument, such as anonymous prepaid, for example, gift cards, are not subject to the obligation of SCA.

    Unattended Transport and Parking Terminals

    Any payment for transport fares or parking at unattended terminals (e.g. at an airport or train station) will not require SCA.

    One Leg Out Transactions

    It may not be possible to apply SCA to a transaction where the Issuer is located outside the EEA1 and is therefore considered out of scope of SCA. SCA should be applied to these transactions on a ‘best effort’ basis.

  • Since the introduction of PSD2 we have been actively monitoring approval rates to identify any impacts to your business.

    We notice that some banks have started to decline or ‘step-up’ contactless payments that require strong customer authentication (SCA).  This happens after a customer has made five contactless payments in a row (or once the payments have totaled €150).  The card will decline and the customer will be asked to insert their card in the machine and enter their PIN. If the transaction is still declined, advise the cardholder to contact their bank and request another payment method in that instance. 

    Checkout our ‘Practical Impact Guide for Face to Face’ to assist you through this transition period.

  • EMV 3D Secure is the standard protocol for SCA when accepting payments over the internet.  It helps to reduce fraud and cart abandonment, whilst seamlessly supplementing existing data with additional information.

    Upgrading to the latest version will allow you more flexibility as the merchant.  As well as providing the traditional shift in liability expected when applying EMV 3D Secure.

    EMV 3D Secure

    2.1

    2.2

    SCA for connected devices and web purchase

    Non-payment authentication scenarios, such as payment card on-boarding to merchant apps

    Provides for all available SCA exemption types 

    Europe specific scenarios in support of PSD2, such as trusted beneficiary and delegated authentication

    Biometric consumer user experience

  • Once you commence using EMV 3D Secure for authentication (provided that the liability shift date for your region is in effect) there is minimal risk of chargeback to your business.

    Activation dates for liability shift are variable based on network and geographical region.  Check with your gateway provider on the dates for your region.

Get your business ready for PSD2

We are committed to supporting your business in preparing for and complying with PSD2.

Request a call back